fix: add missing permission to get namespaces (#2728)

dcoppa · web-flow · commit dfaf42a8833a · 2025-09-22T22:58:00.000-06:00
diff --git a/deploy/helm/generated/role.yaml b/deploy/helm/generated/role.yaml
@@ -20,6 +20,12 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
 - apiGroups:
   - ""
   resources:
diff --git a/deploy/static/trivy-operator.yaml b/deploy/static/trivy-operator.yaml
@@ -3224,6 +3224,12 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
 - apiGroups:
   - ""
   resources:
diff --git a/pkg/operator/cluster.go b/pkg/operator/cluster.go
@@ -329,6 +329,8 @@ func (r *ClusterController) numOfCoreComponentPodsAndNodes(ctx context.Context)
 	return corePodsCount + len(addonPods.Items), len(nodes.Items), nil
 }
 
+// +kubebuilder:rbac:groups="",resources=namespaces,verbs=get
+
 func (r *ClusterController) isOpenShift(ctx context.Context) bool {
 	_, err := r.clientset.CoreV1().Namespaces().Get(ctx, "openshift-kube-apiserver", metav1.GetOptions{})
 	return !k8sapierror.IsNotFound(err)

Original file line number	Diff line number	Diff line change
`@@ -329,6 +329,8 @@ func (r *ClusterController) numOfCoreComponentPodsAndNodes(ctx context.Context)`
`329`	`329`	`return corePodsCount + len(addonPods.Items), len(nodes.Items), nil`
`330`	`330`	`}`
`331`	`331`
	`332`	`+// +kubebuilder:rbac:groups="",resources=namespaces,verbs=get`
	`333`	`+`
`332`	`334`	`func (r *ClusterController) isOpenShift(ctx context.Context) bool {`
`333`	`335`	`_, err := r.clientset.CoreV1().Namespaces().Get(ctx, "openshift-kube-apiserver", metav1.GetOptions{})`
`334`	`336`	`return !k8sapierror.IsNotFound(err)`